CVS and SSH - $LOGNAME environment variable

From:

Steven Queen

Subject:

CVS and SSH - $LOGNAME environment variable

Date:

Wed, 13 Aug 2003 15:35:46 -0400

User-agent:

Mozilla/5.0 (X11; U; IRIX64 IP30; en-US; rv:1.3) Gecko/20030327

I have been using CVS in conjunction with an anonymous SSH account for
about 6 month's now in a configuration that requires a small
modification to the source code. Specifically, I wanted a single account
on the CVS server through which all of the developers could access the
repository -- but using SSH for maximum security.

The technique I used is described in detail in the O'Reilly book,

"SSH The Secure Shell: The Definitive Guide" by Barrett and Silverman,
on p. 309, section 8.2.6.1. The method establishes a single public CVS

login account with a restricted login shell that can only run CVS. The

only method of login into this account is via SSH, and it uses the
ability of OpenSSH to set a users environment variables (e.g. $LOGNAME)
based on the specific public key the use to gain access to the account.
The reason for setting the LOGNAME of the user is so that CVS submittals
are attributed to the correct developer, not solely with the public
access account. This scheme is straight out of the SSH text mentioned --
only it didn't work with CVS 1.1.14, when I tried it.

The solution was a modification of the source code file subr.c. I have
attached the (not very elegant) patch I applied to that file.

If this is something that should be incorporated into CVS, perhaps as a
build option, please let me know and I can provide more details.